If for some reasons you need to get current WordPress theme, here is a simple way to get it:
<?php
require(dirname(__FILE__) . '/wp-load.php');
$theme_name = get_current_theme();
echo $theme_name;
?>
Ref.
Brute-force attacks are one the most common ones against WordPress sites. One of the possible solution is to use Login Security Solution plugin. It tracks attempts to login and ban IPs if there are too many of them during certain period of time. The plugin stores all information about the attempts in wp_login_security_solution_fail table. Here is how you can get summary on IP addresses which are attacking your site:
select ip, count(ip) as attempts from wp_login_security_solution_fail group by ip order by attempts desc;
Now you can block the most active of them in the firewall.
If you need to install ionCube loader on Centos 6.4 you will need either to enable Atomic repository on your Linux box or to download their SRPM package and rebuild it.
Way 1
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install php-ioncube-loader
Way 2
rpm -ivh rpmbuild/RPMS/x86_64/php-ioncube-loader-4.2.2-2.art.x86_64.rpm
rpmbuild -bb ~/rpmbuild/SPECS/php-ioncube-loader-art.spec
rpm -ivh rpmbuild/RPMS/x86_64/php-ioncube-loader-4.2.2-2.art.x86_64.rpm
Checking:
[root@sched ~]# php -v PHP 5.4.13 (cli) (built: Mar 14 2013 08:57:49) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies with the ionCube PHP Loader v4.2.2, Copyright (c) 2002-2012, by ionCube Ltd. [root@sched ~]#
If you use postfix with DKIM milter and start getting such error:
no key selected for signing milter-reject: END-OF-MESSAGE from localhost
make sure you have correct version of milter_protocol in your main.cf:
/etc/postfix/main.cf: # Postfix ≥ 2.6 milter_protocol = 6 # 2.3 ≤ Postfix ≤ 2.5 milter_protocol = 2
If you get
fatal: git-http-push failed
error message while trying to push you changes to remote WebDAV repository, make sure you have you login and password in your Git config file. Like this:
[remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = http://username:[email protected]/repo.git
The solution was found on Stackoverflow.
fail2ban is a simple daemon (written in Python, BTW) which monitors your Linux server logs and is able to prevent bruteforce attacks by adding bad IP addresses to iptables. This is a simple self reminder on how to setup it.
yum install fail2ban
vim /etc/fail2ban/jail.conf
If you want fail2ban to only notify you (and not add them to iptables) modify the configuratio files this way:
action = sendmail-whois[name=SSH, [email protected], [email protected]]
It would be wise to add your IP addresses to be ignored:
ignoreip = 127.0.0.1/8
Start:
service fail2ban start
Enable auto start:
chkconfig fail2ban on
Now if somebody tries to brueforce your SSH you’ll get a mail.
By default Worpdress places readme.hml file to your webroot directory, so it’s possible to get it. The problem is this file contains your WordPress version. So if for some reason you have vulnerable version of WordPress you might want to hide this file. This is how you can implement this:
location = /readme.html
{
return 404;
}
Keep in mind that it will not remove your WordPress version from your feeds and HTML headers.
To disable error reporting to a browser add next line to your application:
disable :show_exceptions
The repository with spec file as well as the installation description can be found at Github.
yum install gcc-c++ openssl-devel
wget -P ~/rpmbuild/SOURCES http://nodejs.org/dist/v0.8.21/node-v0.8.21.tar.gz
wget -P ~/rpmbuild/SPECS https://raw.github.com/vibol/node-rpm-spec/master/nodejs.spec
Modify spec file to match current version.
rpmbuild -ba ~/rpmbuild/SPECS/nodejs.spec
rpm -ivh rpmbuild/RPMS/x86_64/nodejs-0.8.21-1.x86_64.rpm
init.d script can be found here. You would also need to modify it for your application.